I have a question regarding the internal audits for level 2 certificaiton. For our GAP analysis the auditor pointed out that the internal audit that we conducted did not cover all elements of level 2 SQF. I asked the auditor if i could use the module 2 and 11 checklist for level 2 that is provided by the SQF website, but he said that will not comply.

I understand it should cover module 2 and 11 and all elements of the SQF code. Im pressed for time with our approaching audit, and i need a check list that will comply with the SQF code. Does any one have a check list that covers module 2 and 11 that I can use for the internal audit. Also, after reading the guidance document for internal audit I do not know how often self audits should be conducted. Should it be monthly, every three months, six months, or annually. I was also told that it would be a conflict of interest for me (SQF prac.) to do the internal audit.

I doubt if anyone could provide you with a generic checklist for internal auditing of you food safety management system. Since SQF code dictates what you need to do to become certified, it allows you to meet the code requirements any way you wish as long as you're compliant. What this ultimately means is that you build your FSMS around your policies and procedures so long as they're compliant to the code. If they're not compliant you have to change your policies and procedures to make them compliant.

Okay, now that you have a SQF Level 2 compliant food safety management system you need to document it ("say what you do") and make sure that the people on the floor are following those policies and procedures ("do what we say"). During your SQF audit audit your SQF auditor first looks at your FSMS documentation in the desk audit phase to determine whether what you say you do to meet code requirements is code compliant. If it is, they verify that you're doing what you say during the facility audit ("prove it"). Internal auditing is done to catch any gaps or non-compliances so as to meet the ever-changing code and also to drive continuous improvement in your company.

Your internal audit is coordinated by your SQF Practitioner (probably you), so the SQFP would be responsible for creating an internal audit schedule, assembling a team of trained internal auditors, creating the checklists, assigning your trained internal auditors to your scheduled internal audits, and ultimately closing any identified gaps through your Corrective Action / Preventive Action system, then verifying that the gap was effectively closed. So you're correct that you can't actually do any actual internal auditing, but you ARE running the show.

Internal audit frequency is not prescribed by SQF. I schedule our internal audits to cover all aspects of the code on an annual basis.

I have a question regarding the internal audits for level 2 certificaiton. For our GAP analysis the auditor pointed out that the internal audit that we conducted did not cover all elements of level 2 SQF. I asked the auditor if i could use the module 2 and 11 checklist for level 2 that is provided by the SQF website, but he said that will not comply.

I understand it should cover module 2 and 11 and all elements of the SQF code. Im pressed for time with our approaching audit, and i need a check list that will comply with the SQF code. Does any one have a check list that covers module 2 and 11 that I can use for the internal audit. Also, after reading the guidance document for internal audit I do not know how often self audits should be conducted. Should it be monthly, every three months, six months, or annually. I was also told that it would be a conflict of interest for me (SQF prac.) to do the internal audit.

Please provide your thoughts

Thank you in advance,

Marvis Brown

Dear MBrown,

Not a user of SQF myself but I suspect yr query is close to FS standard-generic.

I presume your auditor was objecting on grounds of the format style of the downloadable audit checklist (eg non-question format / not fully itemised albeit textually complete). Being rather “cute” IMO if not willingly clarified upon request. I don’t really see why a checklist must be questionized but seems that this is the IA situation (my travelling inspection form is a mix).

Similarly to near final paragraph in detailed previous post, I get the impression many people simply reverse engineer the requirements from module2, etc to generate a question form ? In fact it seemed to me that Jason Young has already donated a nice, ready-to-be reversed document/ ver.7 in word form in an earlier thread here. Not sure if an equivalent, reversed checklist has been posted as well, perhaps not ??

I agree with comments in previous post that completing this form does not "complete" a demonstration of compliance of the FS system to the standard but the quick procedure does seem to be the basis of an auditorially accepted “minimalist” solution for BRC / SQF / ISO22000, eg suitable under heavy time-contraints ? Personally, for other standards, I also add on a Corrective Action segment after the IA list for convenient x-referencing and linking of potential risk-based changes to the scheduling. I noticed Jakmqa has posted a simple split schedule form for SQF (but maybe pre-ver.7 only) which could be modified if required.

I have a question regarding the internal audits for level 2 certificaiton. For our GAP analysis the auditor pointed out that the internal audit that we conducted did not cover all elements of level 2 SQF. I asked the auditor if i could use the module 2 and 11 checklist for level 2 that is provided by the SQF website, but he said that will not comply.

I understand it should cover module 2 and 11 and all elements of the SQF code. Im pressed for time with our approaching audit, and i need a check list that will comply with the SQF code. Does any one have a check list that covers module 2 and 11 that I can use for the internal audit. Also, after reading the guidance document for internal audit I do not know how often self audits should be conducted. Should it be monthly, every three months, six months, or annually. I was also told that it would be a conflict of interest for me (SQF prac.) to do the internal audit.

Please provide your thoughts

Thank you in advance,

Marvis Brown

Hi Marvis,

It would be interesting to know what elements the auditor said were not covered?
SQF Requires Internal Audits for:
facility and equipment inspections - you can draw up a generic checklist for these areas including elements from Module 11 of the SQF-Code-Edition-7-Checklist

pre-requisite programs - you can draw up a checklist based on procedures you have implemented
food safety plans - you can draw up a checklist based on plans you have implemented
legislative controls - you can draw up a checklist based on procedures & relevant legislation requirements

and there must be at least one complete SQF System internal audit per year which SQF-Code-Edition-7-Checklist should be suitable for this purpose.

Your internal audit schedule would normally be based on risk so high risk or exposed product areas/HACCP plans more than say warehouses where product is enclosed.

An easier way to do a complete internal audit is to create an Audit using the SQF Database (Reliance System). Once you get the checklists for the two modules in the website you can download and open them using the audit viewer (EtQ) or as Microsoft® Excel files. This way you will get to see all the Minors, Majors and Critical Non-Conformities that you can get, and prioritize their improvements accordingly.

You could do Internal Audits twice a year or as your company considers appropriate. Probably the most effective way is to do them before Management Review. That way top-management is in the mood to see the deviations and support you in taking actions prior to the External Audit.

Your internal audit is coordinated by your SQF Practitioner (probably you), so the SQFP would be responsible for creating an internal audit schedule, assembling a team of trained internal auditors, creating the checklists, assigning your trained internal auditors to your scheduled internal audits, and ultimately closing any identified gaps through your Corrective Action / Preventive Action system, then verifying that the gap was effectively closed. So you're correct that you can't actually do any actual internal auditing, but you ARE running the show.

Would it be a problem if we designate a lead internal auditor and they "run the show", not the SQFP? The SQFP would oversee everything but leave the details (create schedule, training program, etc.) up to the lead internal auditor.

Would it be a problem if we designate a lead internal auditor and they "run the show", not the SQFP? The SQFP would oversee everything but leave the details (create schedule, training program, etc.) up to the lead internal auditor.

I see nothing in the Guidance Document for 2.5.7.1 that specifies that the SQF Practitioner has to be the leader of your internal auditing team. Our initial certification auditor did say that it was a "must" that the SQFP did prepare the audit schedule, the audit checklists, assign the corrective actions and verify that any CA's were effectively corrected..... But I was the SQFP and HAD done all those things so it was a non-issue for the auditor.

Now when I read the Guidance Doc I see no mention of who's actually responsible for the above activities, so I'd have to say that your SQFP could delegate the various elements of the internal audit. Of course that would need to be documented in your SQF System (in the document that contains the policy, procedure, and responsibilities for internal audits).

It does specify that the actual internal auditors must be trained, but the guidance doc says that the training doesn’t need to be “formal”, but it does need to be documented. Internal auditing is really a difficult task, mainly because so many people are forced to wear yet another hat and there's bound to be some resentment on the part of the auditors and the auditees, but also tying all of the elements together and actually driving continuous improvement and closing gaps in your food safety (and quality if you’re going for Level 3) management system. My job as a food safety manager allows me to “run the show”, so it makes it a little smoother and efficient for the company, but it’s not a walk in the park for me. And when it’s actual SQF audit time if your SQFP isn’t VERY familiar with the program you may have some problems on your hands.

I have taken over the SQFP duties. The previous SQFP created the audit schedule with 2-3 codes to be audited per month. I have added our policy manual, internal and external audit findings, corrective actions and their investigations and resolutions, HACCP and customer complaints and their resolution and investigation. I also would like to change the frequency based on risk rather then each item being audited annually.

After the lead auditor started the audit training, she does not want to audit by code but rather by department. This seems like a headache and I fear items may be missed. It seems like most people here go about it by code as well. Thoughts?

The good thing of others (external) doing your audit is that they may know the code better, but the problem is that they may skip details and take it with them.

The good thing of you (SQFP) doing the audit is that you keep all the details with you, but you may be biased towards the SQF content.

I found that downloading all questions in Excel files is very useful. This past Wednesday the people from SQF made available a new tool for off-line audits. I have not used it yet, but they say that it has color coding for prioritizing items.

Reorganizing the code to fit your company needs is a fairly easy task. You can create an index (from the table of contents) and then add the departments in another column and then sort them by department. They do this to match SQF code with FSMA or other certification schemes (what they call gap analysis).

I am reaching the conclusion that is easier to use your company structure as the base rather than trying to modify the company to fit the code. As a safety practitioner you may have to deal with several codes (SQF, FDA... etc), and they may change more often than your company's structure. The codes can keep you entertained, but the goals of your company may be different.

The codes can keep you entertained, but the goals of your company may be different.

I agree! This may be a good thing - i.e. working hard and being entertained at the same time. I'm only a bit concerned that the goals of my company may be different. I thought that these SQF and the like schemes were supposed to align with my company goals, were they not?

gcse-fhp

. . . Some are timid and thereby rob the world of the contributions they can otherwise make. . .

I am reaching the conclusion that is easier to use your company structure as the base rather than trying to modify the company to fit the code.

I agree 100%! I have always made a "map" of how and where a company's FSMS satisfies a particular clause. A company may already have covered multiple clause requirements with one of their own elements, just point out where it is covered.

I find that many companies just want to go down a code, clause-by-clause, and start writing... this ends up in excessive and redundant technical writing.

As I remember when last working with the SQF Code (Issue 7), I took the companies monthly internal audit checklist and referenced what sections of the code each line applied to. I did this for myself, and just ended up leaving them on for the auditor to see (kinda made it audit proof as far as what sections of the code the audit covered).

Starting from scratch is another story, for some guidance I would most likely start with what SQF checklist states (and find the gaps as GOC mentioned above) as a general framework.